This is an old revision of the document!

# Trusted Platform Module

## TPM vs TPM2

## TPM 2.0

### Platform Configuration Registers (PCR)

PC Client specification allocation example:

| PCR Number | Allocation |
|------------|------------|
| 0 | BIOS |
| 1 | BIOS configuration |
| 2 | Option ROMs |
| 3 | Option ROM configuration |
| 4 | MBR (master boot record) |
| 5 | MBR configuration |
| 6 | State transitions and wake events |
| 7 | Platform manufacturer specific measurements |
| 8-15 | Static operating system |
| 16 | Debug |
| 23 | Application support |

(source: Arthur W., Challener D., Goldman K. (2015) Platform Configuration Registers. In: A Practical Guide to TPM 2.0. Apress, Berkeley, CA.)

## Linux

clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes.

### unlock LUKS with TPM2

On Fedora:

```
dnf install clevis clevis-luks clevis-dracut clevis-udisks2 clevis-systemd
lsblk -f
cryptsetup luksDump /dev/disk/by-uuid/…
# PCR 1 (BIOS configuration) is left out: any measured change except a BIOS setting change blocks the unlock
clevis luks bind -d /dev/disk/by-uuid/… tpm2 '{"pcr_ids":"0,2,3,4,5,6,7"}'
# for the dracut unlocker
dracut -f
```

(source: Kowalski7cc)

### LUKS on TPM

see LUKS

Last modified: 2020-08-09 18:13
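Why the `pcr_ids` selection in the clevis command above leaves out PCR 1, as an added example (not part of the original wiki page or of clevis): a simplified Python model of PCR extend over PCRs 0-7, run on a constructed measurement log, showing that a changed BIOS setting still lets the volume unlock while a changed MBR measurement does not. All function names and the sample log are assumptions made for illustration.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def boot(events):
    """Replay (pcr_index, measured_data) events; PCRs 0-7 reset to all zeros."""
    pcrs = {i: bytes(PCR_SIZE) for i in range(8)}
    for index, data in events:
        pcrs[index] = extend(pcrs[index], data)
    return pcrs

def pcr_digest(pcrs, pcr_ids: str) -> str:
    """Digest over the selected PCR values in ascending index order."""
    selected = sorted(int(i) for i in pcr_ids.split(","))
    return hashlib.sha256(b"".join(pcrs[i] for i in selected)).hexdigest()

PCR_IDS = "0,2,3,4,5,6,7"  # selection from the clevis command on this page

# Constructed measurement log (sample data, not from a real machine).
BASELINE = [
    (0, b"firmware v1"),
    (1, b"bios-config: boot-order=disk"),
    (4, b"mbr code v1"),
    (7, b"platform-state A"),
]

def replace(events, index, data):
    """Return a copy of the log with the measurement for one PCR replaced."""
    return [(i, data if i == index else d) for i, d in events]

def unlock_would_succeed(events) -> bool:
    """True if the selected PCRs match the values present at bind time."""
    sealed = pcr_digest(boot(BASELINE), PCR_IDS)
    return pcr_digest(boot(events), PCR_IDS) == sealed

if __name__ == "__main__":
    cases = {
        "unchanged boot": BASELINE,
        "BIOS setting changed (PCR 1)": replace(BASELINE, 1, b"bios-config: boot-order=usb"),
        "MBR changed (PCR 4)": replace(BASELINE, 4, b"mbr code v2"),
    }
    for name, events in cases.items():
        state = "ok" if unlock_would_succeed(events) else "REFUSED"
        print(f"{name}: unlock {state}")
```

The same mechanism means a legitimate firmware or boot loader update also changes the selected PCRs, so the volume falls back to its passphrase until it is bound again.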